Create a Cognito Test User


From @Jaikant on Tue Dec 05 2017 03:43:27 GMT+0000 (UTC)

The time on your system is off by more than 5 minutes, which is flagging this has an error. You can use ntp to keep the time in sync.

On 05-Dec-2017, at 1:19 AM, Sarah Jackson wrote:

Hello I am getting an error others haven’t seemed to have run into. I’m very new to AWS, and Serverless is my first go at using it.

In windows powershell:
aws cognito-idp admin-confirm-sign-up
–region us-east-2
–user-pool-id us-east-2**********
–username \

I get the following error:
An error occurred (InvalidSignatureException) when calling the AdminConfirmSignUp operation: Signature expired: 20171204T063700Z is now earlier than 20171204T193202Z (20171204T193702Z - 5 min.)

Advice would be greatly appreciated so I can keep chugging through this tutorial :slight_smile: i have changed it all to be the correct region as well. I don’t really understand what my error means

You are receiving this because you commented.
Reply to this email directly, view it on GitHub, or mute the thread


From @jayair on Tue Dec 05 2017 04:09:57 GMT+0000 (UTC)

@Jaikant Oh that’s a good catch.


From @johanseland on Wed Dec 13 2017 19:23:46 GMT+0000 (UTC)

I also got the InvalidSignatureExceptionError when trying to run admin-confirm-sign-up step. Strangely the sign-up step worked as expected, so there must be a difference in how these two commands escapes the secret key.

I am adding this here in case someone else runs into problems, as this issue pops up on top of the Google search.

The error:

An error occurred (InvalidSignatureException) when calling the AdminConfirmSignUp operation: The request signature we calculated does not match the signature you provided. Check your AWS Secretr Access Key and signing method. Consult the service documentation for details.

This was caused by my secret key containing a plus ‘+’ sign.
This happened on a Windows 10 installation with the following awscli version.

C:\WINDOWS\system32>aws --version
aws-cli/1.14.9 Python/3.4.3 Windows/8 botocore/1.8.13

Once I regenerated an ID/Key-pair without a plus sign, the error disappeared.


From @jayair on Fri Dec 15 2017 17:03:11 GMT+0000 (UTC)

@johanseland Thanks for the comment and the context.


From @ryanattick on Wed Dec 20 2017 23:13:40 GMT+0000 (UTC)

@svj13 I’m having the same problem you had and can’t figure it out. How did you verify the test user through AWS rather than through the command line?


From @karthickng on Fri Mar 09 2018 06:34:45 GMT+0000 (UTC)

I had the InvalidSignatureException issue, and it was resolved once I added a new access key for the admin user! I don’t know the reason why, but this worked for me.

Note that something similar has been pointed out by @bedney in the discussion at


From @pflugs30 on Sat Mar 17 2018 16:06:22 GMT+0000 (UTC)

I’m having the same issue as @KelpDuNord above where the sign-up command worked, but the admin-confirm-sign-up command does not work.

I run:
aws cognito-idp admin-confirm-sign-up --region us-east-1 --user-pool-id us-east-1_mV4oIXtXy --username

I receive:
An error occurred (ResourceNotFoundException) when calling the AdminConfirmSignUp operation: User pool us-east-1_mV4oIXtXy does not exist.

I’ve done the following:

  • Generated a new Access ID and Secret Key for my serverless system account (since mine had a ‘+’ in it and I’m on Windows)
  • Delete the user pool and start over
  • Confirm the user pool id is correct and in the same region as the command
  • Use the ARN instead of user pool id
  • Tried running the describe-user-pool command with the user pool id and having the same error
  • Confirmed my AWS configure was correct and that the serverless account has admin access

I will confirm the user manually through the console, but I want to know why this is happening. Any ideas? Thanks.


I figured it out. My AWS credentials file was corrupt, if you can call it that. It had two credentials under the [default] name. I’m not sure how that happened. I discovered this problem by running aws configure again and seeing that my new keys weren’t being persisted. On Windows, I navigated to %USER_PROFILE%\.aws and edited the credentials file in a text editor as opposed to through the command window. Then, when I ran my command to confirm the user, it worked as expected.


From @jayair on Sat Mar 17 2018 19:49:51 GMT+0000 (UTC)

@pflugs30 Flag you figured it out. Thanks for following up.


From @codywr on Fri Mar 23 2018 02:22:08 GMT+0000 (UTC)

I started the tutorial a couple months ago and ran into some problems. I only just recently picked it back up trying to double check each step and noticed an error on this one.

Doing this on a Raspberry Pi (running Raspbian) and have noticed that some of the libraries are quite old. That said, here is my aws version:

pi@raspberrypi:~ $ aws --version
aws-cli/1.14.28 Python/2.7.13 Linux/4.9.59-v7+ botocore/1.8.32

I believe I was able to create a test user just fine with:

pi@raspberrypi:~/sandbox $ aws cognito-idp sign-up --region us-east-1 --client-id $my_client_id --username --password Passw0rd!

but when I go to confirm the creation, I get an error:

pi@raspberrypi:~/sandbox $ aws cognito-idp admin-confirm-sign-up --region us-east-1 --user-pool-id $my_client_id --username

An error occurred (NotAuthorizedException) when calling the AdminConfirmSignUp operation: User cannot be confirm. Current status is CONFIRMED

Checking the aws console shows successful creation and confirmation (I think):

Is this all expected behavior? I have double checked the region (a frequent problem it appears) and created a new IAM (Access key ID , Secret access key) pair (and re-running aws configure) to no avail.

I would like to echo what others have said about including expected output in this section of the tutorial and/or some common problems and how to resolve them.


From @jayair on Fri Mar 23 2018 18:35:14 GMT+0000 (UTC)

@codywr From the Created and Last Modified date, it seems like the user was created a while ago? Maybe you had it confirmed back then?


From @codywr on Fri Mar 23 2018 23:20:32 GMT+0000 (UTC)

@jayair Can it only be confirmed once? I was expecting a confirmation each time I asked for one. From the look of the error (NotAuthorizedException), I was thinking this was some sort of permissions problem.


From @jayair on Mon Mar 26 2018 17:49:21 GMT+0000 (UTC)

@codywr Yeah it can only be confirmed once. The error is weird but I’m pretty sure it’s because it’s been confirmed before.


Hello, I am trying to create a cognito user – using windows powershell for AWS.
advice requested on how to create ; thx.


Hmm I’m not too familiar with Windows but can you use --region instead of -region? Notice the two hyphen characters instead of one.


I tried to use the command given in the chapter, but have gotten a different error from everyone else it seems. Here’s what I see…

$ aws cognito-idp sign-up --region us-west-1 --client-id $clientId --username $email --password $password

Could not connect to the endpoint URL: “

Edit: Nevermind, I solved it! I had created my cognito user pool in us-west-2, but I thought it was in us-west-1.


Hi, I’m having an error when I run the command:

   aws cognito-idp sign-up \
    --region us-east-1 \
    --client-id <clientid> \
    --username \
    --password P2ssw0rd01! \
    --profile vgaltes-private \

I’ve double checked that the region is correct and the app client id is correct. The error I get is:

An error occurred (NotAuthorizedException) when calling the SignUp operation: Unableto verify secret hash for client XXXXXXX

Any idea why? I’m running the command from a Ubuntu using virtualenvwrapper.



That’s really strange. Which version of the AWS CLI are you using?


Thanks for your message, sorry I missed it. I’ve just updated to the last version and I’m still having the same error.

aws-cli/1.16.15 Python/2.7.15rc1 Linux/4.15.0-34-generic botocore/1.12.5



I see. The other thing to be check would be your the time on your local machine. Sometimes the hashes generated are off when the server vs local time is off by a lot.


Thanks for your quick answer,

time looks good on my machine. I’ll test today using other machine to see how it goes.